Archive for September, 2006

Bank Security – Telephone Authentication

Monday, September 18th, 2006

I’ve written about bank security before (see Innovation in banking) with concerns over password authentication generally in banking transactions. This evening, I received a phone call from the fraud department of one of the financial institutions I have a credit card with wanting to discuss my account. I immediately asked for their details and called back on a known number and was put through to the person in question.

At the end of the call this individual advised me that I could always identify them as a legitimate caller by having them provide me with some personal information about me. Although they have called me on a known number they have listed for me, if for example I had my wallet and mobile phone stolen, then calling me on my mobile phone would alert thieves that the bank fraud department was onto them.

Although banks are getting a lot better (certainly with respect to having no objection to a request for a customer to call them back), some more thought needs to be put into this process in a world where identity theft is becoming increasingly common.

Canon EF 70-200 f/2.8L IS USM

Sunday, September 10th, 2006

Firmly on course to get addicted to photography again having bought my 350D, I purchased a Canon EF 70-200 f/2.8L IS USM lens. This was my first experience of an L-series and Image Stabilisation lens and I really couldn’t bear being without IS on anything beyond 70mm now.

As I was told to expect, the lens is very heavy due to the construction, but it’s one of the best lenses available. I was torn between waiting for the 70-200 f/4L IS which has 4-stop IS (as opposed to 3-stop on this lens) but the extra light compensates for it slightly, and availability of the other lens is still unsure although it is due out soon. It may well be an economical alternative if anyone else is considering this type of lens if the pricing I’ve seen is correct. The weight makes it difficult to use as a general carry-around lens, but it’s an excellent wildlife, portrait and nature lens. I may consider a DO (Diffractive Optics) lens in the long run as a general carry-around lens to solve this problem.

I experimented a bit to try and work out how useful the 2.8 vs 4.0 aperture was going to be and so far I’ve had mixed results. The control over the bokeh offered by the lens is a feature I wanted, which is already making me consider my next shorter lens, something with an f/1.2 or similar aperture.

In terms of the next lens, I have considered the following:

EF 24-105 f/4L IS – Very nice general purpose lens for walking around with as it extends nicely into framing shots from further away.

EF 24-70 f/2.8L – Recommended by many over the 24-105 even without IS. Fast lens that would complement my 70-200mm well (albeit some overlap would be good).

EF 17-40 f/4L – Dedicated wide angle lens. Considered as an amateur alternative to the faster and more expensive 16-35 f/2.8L which would be better to achieve control over the depth-of-field.

MP-E65 f/2.8 macro – Dedicated macro lens with zoom factor. This is probably ideal as a macro option but limited otherwise, and expensive.

Interestingly, in the primes, the EF 35 f/1.4L, EF 24 f/1.4L IS or EF 50 f/1.8 II, which is one of the cheapest Canon lenses, may have some potential for isolating the subject. I suspect for the next zoom the 24-105L f/4L IS will be most tempting due to the IS and more general purpose use, although having used an f/2.8 lens it will feel bad going with a slower lens.

Incidentally I purchased my 70-200 from Calumet on Wardour Street in London W1. The staff member who assisted me was very friendly and was perfectly happy for me to try the lens on my camera without question. He was also very open about his own views (he’s a Nikon person as he has about every lens he can get for them, but he viewed Canon IS as one of the best). I would highly recommend Calumet to anyone who wants to buy something more than a point-and-shoot. They appear to have quite a bit in stock too – www.calumetphoto.co.uk

Innovation in banking..

Friday, September 1st, 2006

Having experience of banking systems outside the U.K. I am surprised at the way banks here still work. Some will comment on the outdated nature of cheques, although I think they have their uses, but what concerns me more is lack of control and security. Whilst other industries are innovating, banks are very slow to make changes. Whilst this is to a degree understandable on the basis that traditionally such industries are “stable” and cannot risk extensive problems, many of these issues are quite important. It should be noted that these may not apply to corporate customers of banks; however, consumers and small businesses are certainly being let down.

Innovation

Many small businesses process transactions manually or in some cases with limited support from accounting packages to ‘import’ data from online banking interfaces. Although banks are nowadays offering text messages you can request for different transaction types, I have yet to find a bank that has designed an open XML interface for customers to integrate into their own systems. This is probably due to the fear of security breaches within customer systems. They should also allow customers to pre-define notifications of particular events to be sent by encrypted e-mail. We shouldn’t have to log in to a bank’s website to communicate with them, especially on matters which are not sensitive or confidential. Credit Card payment processors such as Worldpay have been based on providing the ability to integrate into existing business systems from the beginning to process transactions. Having a quick and easy way for a company to request recent transaction information from the bank could dramatically reduce the administrative burden of bookkeeping for smaller businesses.

Recurring Payments

There are three key methods of making recurring payments automatically: Credit Card Continuous Authority, Standing Order and Direct Debit. Continuous Authority on Credit Cards seems to be a significant problem as it’s not always easy to cancel this other than by getting a new card issued with a new number, a major inconvenience to anyone who has provided companies with their credit card details to hold on file for this purpose as each one needs to be notified of the new details.

Standing Orders give you full control over the process as the amount is fixed, but this is also the problem as it makes it unsuitable as a method of paying any bills which vary in amount. Direct Debits cover this by allowing the supplier to vary the amount once an authority has been established, whilst giving consumers the protection of getting a transaction reversed immediately without question by their bank. This is an important safeguard.

The problem with Direct Debits is that whilst my bank may well refund me immediately if I report a problem, by the time I realise such an error has taken place, other transactions could possibly have bounced for lack of funds. It is clearly documented that billing mistakes happen and no matter how much reserve you can keep in an account, this problem remains.

The solution? Direct Debit Transaction Pre-Notification. Anyone who has worked in larger commercial buildings will be aware of fire alarm systems with the notion of a ‘pre-alarm’ which allows on-site staff to investigate any fire alarm incidents within a specified time period of a minute or two and if it is found to be a false alarm, it is possible to cancel the call prior to the fire brigade being requested to attend. The same system would work well with Direct Debits allowing users for example two working days to issue a ‘stop’ on a requested payment. Some credit card companies are starting to implement something similar to this by calling or sending a text message when a card is being used under certain conditions.

An even simpler solution that would be easy to implement would be the concept of setting variables within Direct Debit mandates limiting the amounts that can be debited from an account. If your average monthly mobile bill is £40, then setting the mobile phone company’s authority to a maximum of £120 would significantly reduce the risk of any over-debiting to have negative effects on other payments. The exact figures of course will depend on everyone’s individual circumstances. Companies would need to bear these limits in mind when considering credit limits, etc. but as long as they are known by all the parties, it would be a significant improvement to the current system. If such schemes also enabled more smaller companies to use Direct Debits, I would be inclined to switch to using Direct Debits.
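
The two controls proposed above, a customer-set ceiling on a mandate and a pre-notification period during which a ‘stop’ can be issued, sketched as an added example that is not part of the original post or any bank’s system. The names Mandate, DebitRequest, decide and stop are hypothetical, and bank holidays are ignored when counting working days.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from decimal import Decimal

STOP_WINDOW_WORKING_DAYS = 2  # the "two working days" suggested in the post


@dataclass
class Mandate:
    payee: str
    max_amount: Decimal  # customer-set ceiling, e.g. 120 for a bill averaging 40
    stopped_refs: set = field(default_factory=set)


@dataclass
class DebitRequest:
    ref: str
    amount: Decimal
    notified_on: date  # day the customer was pre-notified


def add_working_days(start: date, days: int) -> date:
    """Advance by `days` weekdays (Mon-Fri); bank holidays are not modelled."""
    current = start
    while days > 0:
        current += timedelta(days=1)
        if current.weekday() < 5:
            days -= 1
    return current


def release_date(request: DebitRequest) -> date:
    """First day on which the held debit may be taken."""
    return add_working_days(request.notified_on, STOP_WINDOW_WORKING_DAYS)


def stop(mandate: Mandate, request: DebitRequest, today: date) -> bool:
    """Customer 'stop': honoured only while the pre-notification window is open."""
    if today < release_date(request):
        mandate.stopped_refs.add(request.ref)
        return True
    return False


def decide(mandate: Mandate, request: DebitRequest, today: date) -> str:
    """Bank-side decision for one requested debit."""
    if request.amount > mandate.max_amount:
        return "REJECT_OVER_LIMIT"  # ceiling applies before anything else
    if request.ref in mandate.stopped_refs:
        return "STOPPED"
    return "HELD" if today < release_date(request) else "PAY"
```

The over-limit check runs first, so an erroneous bill never reaches the account even if the customer misses the notification.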

Invoice Payment Standard

Many companies now send invoices out electronically, and there are various payment methods offered. It would be very useful to be able to have a standard template which is used to describe a transaction and the payment required such that those involved in paying many invoices (in businesses) can simply click “pay bill” and the bank is sent the instructions provided in the electronic document. There are electronic billing standards already, used more widely within specific professions but these are not in widescale and general use.

Authentication & Security

I am sometimes astounded by the lack of security options offered by banks for online banking customers. The practice of phishing is so prevalent and the security awareness of the average user to social engineering techniques is very weak.

The first issue is the use of passwords for authentication. This is a major security loophole. Corporate customers of banks and some share dealing systems use one-time password tokens such as SecurID for security, whilst other banks are using smartcard authentication, although this has been targeted at medium/large businesses only thus far. Barclays have announced recently they will be rolling this out to all customers which is welcome. One-time passwords do not in themselves stop fraud, although they make detection slightly easier as the window for fraud is reduced. We shall have to see if the widescale implementation of smart-card authentication is an improvement in security for users or a digital signature banks will rely on to refuse to take responsibility for fraud. Implementation is key here.

The banking industry has far to progress to catch up on the flow of information that is resulting in new ways of working.